Hi all !
I am just asking myself how to secure our webserver with a couple of virtual hosts.
Currently we have a large installation of typo3 running. It has a feature called fileadmin with which you can easily upload files. As it is thereby possible to upload php scripts and execute via the browser it is to my opionion possible to access other users files. As the webserver and the files all have the same user, needed by the system.
Is there a way to secure this:
- chrooting virtual hosts in apache ?
- running multiple instances of apache
- some kind of security system with users and groups
- using directory settings ?
Any ideas
__________________________________________________________
Nik Engel NETWAYS GmbH
Senior Systems Engineer Deutschherrnstr. 47a
Fon.0911/92885-13 D-90429 Nürnberg
Fax.0911/92885-33
nengel@netways.de www.netways.de